Tag: microsoft

Microsoft patches zero-days in .NET and SQL Server

Mar 11, 2026 12:47 AM

Tags: microsoft, rce, remote-code-execution, sql, update, zero-day

Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639784/Microsoft-patches-zero-days-in-NET-and-SQL-Server
Hackers Pose as IT Staff in Microsoft Teams to Install Malware

Mar 11, 2026 12:47 AM

Tags: access, corporate, hacker, malware, microsoft

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. The post Hackers Pose as IT Staff in Microsoft Teams to Install Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-it-impersonation-malware-attack/
Microsoft Patch Tuesday for March 2026, Snort rules and prominent vulnerabilities

Mar 10, 2026 11:48 PM

Tags: microsoft, update, vulnerability

Microsoft has released its monthly security update for”¯March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as “critical.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-march-2026/
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Mar 10, 2026 10:48 PM

Tags: access, ai, attack, authentication, best-practice, cve, cyber, data, dos, exploit, flaw, identity, infrastructure, iot, linux, microsoft, mobile, office, rce, remote-code-execution, service, sql, tool, update, vulnerability, windows

8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack

Mar 10, 2026 10:48 PM

Tags: attack, data, finance, microsoft

Could steal sensitive personal and financial data First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/zeroclick_microsoft_info_disclosure_bug/
Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days

Mar 10, 2026 9:48 PM

Tags: exploit, microsoft, update, vulnerability, zero-day

The vendor said six of the 83 vulnerabilities it addressed this month are more likely to be exploited. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-march-2026/
Teams Social Engineering Campaign Drops A0Backdoor Malware

Mar 10, 2026 9:48 PM

Tags: malware, microsoft, social-engineering

Attackers are using Microsoft Teams impersonation to deliver A0Backdoor malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teams-social-engineering-campaign-drops-a0backdoor-malware/
Microsoft releases Windows 10 KB5078885 extended security update

Mar 10, 2026 7:49 PM

Tags: microsoft, update, vulnerability, windows, zero-day

Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevent some devices from shutting down. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5078885-extended-security-update/
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Mar 10, 2026 7:49 PM

Tags: flaw, microsoft, update, zero-day

Today is Microsoft’s March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/
Windows 11 KB5079473 & KB5078883 cumulative updates released

Mar 10, 2026 7:49 PM

Tags: microsoft, update, vulnerability, windows

Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5079473-and-kb5078883-cumulative-updates-released/
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys

Mar 10, 2026 5:47 PM

Tags: authentication, microsoft, passkey, phishing, windows

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-entra-brings-phishing-resistant-sign-in-to-windows/
Microsoft flips Windows Autopatch to default hotpatch security updates

Mar 10, 2026 3:48 PM

Tags: microsoft, update, windows

Microsoft is changing the default behavior in Windows Autopatch so that hotpatch security updates are enabled automatically for eligible devices managed through Microsoft … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/microsoft-windows-autopatch-default-security-updates/
Microsoft to enable Windows hotpatch security updates by default

Mar 10, 2026 12:47 PM

Tags: api, microsoft, update, windows

Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-enable-hotpatch-security-updates-by-default-in-may/
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

Mar 10, 2026 10:47 AM

Tags: 2fa, email, infrastructure, law, microsoft, phishing, service

Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
WA auditor general flags weak Microsoft 365 security controls across state entities

Mar 10, 2026 8:47 AM

Tags: breach, control, data, government, microsoft, office

Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639954/WA-auditor-flags-weak-Microsoft-365-security-controls-across-state-entities
Signed malware posing as Teams and Zoom apps drops RMM backdoors

Mar 10, 2026 8:47 AM

Tags: access, adobe, backdoor, cyber, malware, microsoft, monitoring, phishing, threat

A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in…
Hackers Use Microsoft Teams to Manipulate Employees Into Allowing Remote Access

Mar 10, 2026 6:47 AM

Tags: access, cyber, cybersecurity, email, finance, group, hacker, healthcare, malware, microsoft, threat, tool

A newly discovered malware operation is targeting employees at finance and healthcare organizations by posing as internal IT support. Once inside, the attackers deploy a stealthy new tool called the A0Backdoor. Cybersecurity researchers at BlueVoyant have identified a threat group, known as Blitz Brigantine or Storm-1811, using email bombing and Microsoft Teams messages to trick…
Microsoft Teams phishing targets employees with A0Backdoor malware

Mar 10, 2026 1:48 AM

Tags: access, hacker, healthcare, malware, microsoft, phishing

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
Microsoft Teams phishing targets employees with A0Backdoor malware

Mar 10, 2026 1:48 AM

Tags: access, hacker, healthcare, malware, microsoft, phishing

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
Microsoft Teams phishing targets employees with backdoors

Mar 10, 2026 12:47 AM

Tags: access, backdoor, hacker, healthcare, malware, microsoft, phishing

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
Meta’s AI Safety Chief Couldn’t Stop Her Own Agent. What Makes You Think You Can Stop Yours?

Mar 9, 2026 8:48 PM

Tags: ai, exploit, github, microsoft, open-source, threat

Two incidents from the last two weeks of February need to be read together, because separately they look like cautionary anecdotes and together they look like a threat doctrine. Incident One: An autonomous bot called hackerbot-claw attacked seven major open-source repositories”, Microsoft, DataDog, the CNCF, and Trivy among them. It exploited a well-documented GitHub Actions…
Microsoft Teams will tag third-party bots trying to join meetings

Mar 9, 2026 6:47 PM

Tags: control, microsoft

Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-tag-third-party-bots-in-meeting-lobbies/
Microsoft still working to fix Windows Explorer white flashes

Mar 9, 2026 3:48 PM

Tags: microsoft, windows

Microsoft has confirmed that it’s still working to fully address a known issue that causes bright white flashes when opening the File Explorer on some Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-windows-explorer-white-flashes/
Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns

Mar 9, 2026 1:47 PM

Tags: apple, microsoft, risk

This isn’t just a nostalgia trip billions of legacy microcontrollers may be at risk First seen on theregister.com Jump to article: www.theregister.com/2026/03/09/claude_legacy_code_vulns/
Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns

Mar 9, 2026 1:47 PM

Tags: apple, microsoft, risk

This isn’t just a nostalgia trip billions of legacy microcontrollers may be at risk First seen on theregister.com Jump to article: www.theregister.com/2026/03/09/claude_legacy_code_vulns/
Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns

Mar 9, 2026 1:47 PM

Tags: apple, microsoft, risk

This isn’t just a nostalgia trip billions of legacy microcontrollers may be at risk First seen on theregister.com Jump to article: www.theregister.com/2026/03/09/claude_legacy_code_vulns/
AI Bot Hackerbot-Claw Targets Microsoft, DataDog and CNCF GitHub Repos

Mar 9, 2026 1:47 PM

Tags: ai, github, microsoft

Security firm Pillar reveals the Chaos Agent in which Hackerbot-Claw, an AI agent, used natural language to compromise major GitHub projects and hijack developer tools. First seen on hackread.com Jump to article: hackread.com/ai-bot-hackerbot-claw-microsoft-datadog-github-repos/
Fake AI Extensions Breached Chat Histories in 20,000+ Enterprise Tenants

Mar 9, 2026 6:48 AM

Tags: ai, breach, browser, chrome, cyber, data, google, malicious, microsoft

Microsoft has issued an alert after uncovering a wave of malicious Chromium-based browser extensions masquerading as legitimate AI assistant tools. The extensions, available on the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, secretly collected private browser data and AI chat content. Microsoft found that stolen data included full URLs, internal site…